Posted by samzenpus on Monday February 27, 2012 @10:38AM from the it-was-the-other-guys dept.

quantr writes "Facebook is being accused of snooping on its users' text messages, but the social network says the accusations are inaccurate and misleading. The company is among a wide-ranging group of Web entities, including Flickr and YouTube, that are using smartphone apps to access text message data and other personal information, according to a Sunday Times report (behind a paywall). The newspaper said Facebook 'admitted' to reading users' text messages during a test of its own messaging service. The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers."

Yes, but most apps are written incorrectly (they don't ask for permissions in a try/catch block), so for example when I told my ROM not to let Facebook access my GPS, the Facebook app would simply crash on opening.
This will only really work if it's a standardized OS-wide feature.

Just be aware of the limitations of the model LBE uses. All root apps like it - including DroidWall, which I use as well - are by their very nature, leaky. If they crash and you don't realize it, they do nothing. If they fail to autostart and you don't realize it, they do nothing. In that small window between when Android boots and LBE/DroidWall autostart, they do nothing. The last case can be helped somewhat by startup managers.

PDroid [xda-developers.com] seeks to shore up those shortcomings, however, it is only available fo

It amuses me how your definition of "written incorrectly" means "not written for a blatantly non-standard use of the Android environment". In NORMAL Android development, the developer can explicitly assume that if permission was NOT granted, the program will simply not exist on the phone. That is how it's designed.

But, sorry that following the design is clearly "incorrect" by your cockamamie idealism. We'll try to anticipate the entire API being pulled out from under us next, because I'm sure you'll bitc

Really as a user, what I would like is a "Verified by Google" program. Submit your app to google along with $5, google takes a look at it, and says, "yep doesn't do anything sneaky, etc" and gives it a filterable attribute to the app so I can see only those if I want.

Maybe it should be $20 for the first submittal, and $5 for updates, seems like "git diff old_app new_app" would work well enough to simplify the looking at updates a lot.

It is in Cyanogenmod 7. In my experience, apps do not handle having permissions removed gracefully, and often crash. If you need to use an app there are times when there is no option but to grant access.

A flaw. Personally, I used to allow Facebook access to my contacts because it's useful to have all my Facebook contacts synced with my phone. Only later did I learn that they upload your phone's whole address book and, by extension, your Google address book to Facebook.

BTW, if you don't think you have a Facebook account, try to think if someone who uses Facebook has entered information about you into their phone book... I know I received a suggestion to friend someone because I used to have their co

The problem is, with the stock android install unlike, for example, Symbian, you can't just say 'no, the app can't have this permission but install it anyway'. I was looking for an app to read QR codes a while ago. The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded. I know one person that has a QR code that takes your phone to his website, but was thinking about trying to get the business card reprinted with his information in VCard format within the QR code instead. I'm guessing that was the reason for the address book permissions (to add to it, not to read it), and that if you had that application, you could add a contact inst

The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded.

I have seen an actual instance of this: a local magazine publisher here prints his business card in the mags he publishes and it contains a QR code with his contact info. If an app could write to the contact list, it could add that information automatically.

But on the other hand, QR codes can be used for other data, too, so an app should be installable with or without this privilege.

But on the third hand, if an app can't do something that it promises, or it gives the user an error message stating that it do

I looked into doing this for my cards, but found out that android will not import contact info directly from a QR code, the best option is to link to a vcard, and the user can download that and then import it. So like 6 clicks to do that, I was hoping for "scan code -> "would you like to import this contact Y/N" -> Done"

The other big UI problem is that the apps don't say WHY they need these privileges.

This is the biggest problem I have with the way the permissions are done. I can never tell why various apps require the different permission sets. I want to know why that game I installed needs my address book or the ability to make phone calls. What is it going to do? Call my friends & tell them I just passed the 2nd level?

Why should you have that power? If I write an app and to pay for it I put ads out, you have the right to install it or not. As long as it is made clear what I have access to, if you do not like it then do not install my app. Being able to install my app in any way you want on a free app is not a "right" that you have. You are really going to blame Android for telling you what an app wants and asking if you really want the program?

It is not. Not that I know of. The point I was making was that the programmer gets to determine what permissions he wants. The user gets to determine if he wants to give that stuff up to have the app. This is not only how it works but in reality it is exactly as it should work. The only times that you have problems are when a user screams "I did not read it!" or when a user screams "I want the stuff you made but I want it how I want it! Just give it to me anyway!". In both of those cases I am ok with the user ge

But users cannot sanely determine whether they should give the app permissions, unless the app explains why it wants those permissions. If I install a clock widget and it asks for permissions to send text messages to pay numbers, I don't trust it. If the clock description lists a feature to send text messages to another phone when a user-defined timer goes off, I might trust it. (And it would take more than just that description to make me trust it.)

But users cannot sanely determine whether they should give the app permissions, unless the app explains why it wants those permissions.

Yes they can. If I want an App and I have questions about why it needs certain permissions I can ask. Most market Apps have comments about permissions. Sometimes just looking I can get the answer. If I need to ask the developer then my download can wait till I have my answers.

If I install a clock widget and it asks for permissions to send text messages to pay numbers, I don't trust it. If the clock description lists a feature to send text messages to another phone when a user-defined timer goes off, I might trust it. (And it would take more than just that description to make me trust it.)

Exactly. I do not really know what your problem is. In 90% of my downloads a quick check of the permissions it asks for and the comments section lets me know if I should download or not. The other 10% might require a little effort on my p

You're lucky to easily figure out for 90% of your downloads. If I consider potential downloads (including the ones that I don't download because I can't figure out why it needs certain permissions), I don't even get to 50%, and at that point, it becomes enough of a pain to investigate each and every possibly useful app that I wish the default would be to have an explanation in the description.

Also the reason that a QR code reader may want full access to your contacts list is because most of them will read contact QR codes. One click and full contact information for a person is added to your list.

The problem is that Android offers apps no mechanism to ask for permissions after installation, like there was in, say, J2ME phones.

So apps need to ask upfront for all permissions which they might need to support all of their features, even if some of those will never be used. In your QR code example, if the app features a way to, say, add a contact from a QR code, or generate a code for a given contact in your address book, it must have that permission, even if most users will never need it.

In iOS, applications don't have a lot of access to personal data to start with - and certainly not to read SMS (although apps can send using an Apple-sanctioned UI only). They do have access to the contents of the address book, but this looks likely to change soon.

They have access to my photos, videos, calendar and contacts that I know of. I consider that a lot of personal data. But I don't know which apps have access to what on iOS, whereas I can see that per app with Android.

I think the point here is that whilst applications do indeed have access, this is often mediated through Apple's user-interface in each case - which I suspect you'll find is actually provided by another process within a different sandbox. This means that rogue applications are not hoovering up your data without user-interaction.

On iOS they do not have access to your photos, videos or calendars.

They can however display a browser requesting you to select a photo or a video and then manipulate the particular one you chose. They cannot access them outside of the defined API. This is one reason that all the "private photo" apps can only import pictures from iOS one by one, or by you uploading them via iTunes or the net etc.

Apple spokesperson: "We’re working to make this [protecting user privacy] even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

I'd say LBE Privacy Guard + DroidWall make an excellent defense, something that can be said to tip the scales in favor for Android, assuming a clued user and a rooted phone.

iOS has/had Firewall IP, but not sure if that has been updated to keep up with the latest iOS 5 vagaries. It also requires a jailbreak, which can be daunting, come iOS 5.1 and forced upgrades on restores. So, unless one gets that working, the only way to tell that an app is slurping from the message logs is to have the phone on a wirel

On android, it pops up a warning at install time. I'm sorry, but if you didn't know facebook app accesses that info, whose fault is that? It's very clear that it requires access to every bit of personal info on your phone, down to your inbox if I recall correctly. It's why I don't have facebook installed on my phone, and why I refuse to upgrade several apps, I don't feel they need that level of access, so I don't let them on my phone.

The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers.

That also caught my attention- location, contacts list and browser history, all to third-party advertisers: well, I think they are pushing it, and that people should either use a firewall (I'm no smart phone expert but I really hope there exists a firewall) or not install the app at all- can't one just access facebook from a smartphone's browser? Why would you need an app, especially if they spy on you in such a greedy and disrespectful way?

The fact that any old app can apparently access your contacts, text messages and browser history.

The Facebook app has a legitimate reason to read/write your contact data. It includes a feature that allows you to sync your contacts on your phone with your facebook contacts. It would be great, for example if it automatically updated the contact photos on my phone for my facebook friends using their profile picture on facebook. (I think Motoblur does this, for example.)

However, the way facebook implemented it was rather messed up. They didn't store the contacts with the regular contact data. So, if yo

How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?

Really, really hard. Because as soon as any company does this, some back office dweeb from the company pipes up with "actually, that's not technically correct..." and now they're openly lying about it. PR and politicians alike never want to talk in absolutes because it can only ever come back and bite them...

People are surprised because they only expect the government to invade their privacy

I tend to disagree. Most people I run across look at you funny when you present the idea that the government is invading their privacy. In fact, most will deny it outright and argue that "the people" would never let anything like that happen (even though, it's already happening, and worse!)

You have a nation of consumers, which means they all think in terms of "who can I go to when [whatever] doesn't work, is broken, is causing me inconvenience, etc. and when they find the company they're dealing with is

Because there is the idea that what you enter into one app on your phone is not available to another app. If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages. When I turn off location services for facebook I do not expect them to still access my location.

Because there is the idea that what you enter into one app on your phone is not available to another app.

And that is in fact the default operating method for both major smartphone platforms. But there's value in being able to share certain kinds of data between apps. For example, if you want to write a better SMS client, that task is pretty much impossible if the user has to recreate their entire contact list and loses all their existing SMS history. That's why (on Android at least) the app has to request permission for that access. Unfortunately your only choices are to grant every permission the app requ

People are surprised because this is a cell phone app reading data that is irrelevant to the app's function. It would be like if Google had a picture editing program that sent google a snapshot of your entire filesystem directory listings. Surprising.

I wish I didn't install their app on my HTC ages ago. It's off now; but it did get the contact data from the phone! I only use the browser for FB now and no way am I installing that Malware again. - Events details locked in FB are a pain.

I've never programmed for mobile phones before, so I'm ignorant, but are the phone's SMS messages even available in the APIs given to mobile developers to use for creating 3rd party apps? Even if it is available in the API, surely the phone OS would pop up a warning and force you to confirm approval.

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en [android.com] Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

However, you can always root your phone if you really want to delete these shovel-ware apps.

Google's stock Android doesn't let you uninstall Facebook, Twitter, Amazon MP3 and even Google Books. I'm talking Gingerbread on Nexus One - so it's not imposed by any carrier. It gets into some weird situations as well - since I'm in India and currently Google Books is not available for India, it won't let me install any updates, but it still shows me update notifications, and would not let me uninstall the app. It sucks, especially since app storage is really small and precious on these old phones.

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

I kind of expect such behavior by big internet companies like Facebook, Google, Microsoft, Zynga, etc.

We've all read the line "If You're Not Paying for It; You're the Product" and it's true.

It's just a shame that these companies don't tell/warn/notice the users clearly before they sign up and while they are using their services about what's going on behind the people's backs.

There should be something along the lines of...

"Dear Sindy, the reason why that third-party company is sending you advertisement about herpes treatment products might be, because we found out about it during your messaging with Jenny and we thought that we should sell your information, which you would probably want to remain private, to the company paying us the most, which is specialised in treating herpes. It's a win-win situation for both of us. Best regards, your Facebook-Privacy-Team"

I stopped using and uninstalled the Facebook Android app when I saw that it was turning on my phone's GPS as soon as I opened it. Sorry, but there's no legitimate reason for the GPS to be on all the time in this app's context.

I think I should be able to go in and modify any app's permissions after the fact. The "accept permissions" button should only set those requested permissions as default, then I should have an app that can revoke them. Currently the app developer gets all the power because people don't know what the permissions tie to and how they actually get used/abused. Such an ability would make app authors think twice...

Cyanogenmod lets you do exactly that. I'm running it on my HTC Thunderbolt, and as soon as I read this, I went in, saw that the Facebook app does indeed request full SMS permissions (read, write, send, and receive), and turned them all off. The app hasn't complained so far. Still, it would be nice if it was an OS default option instead of requiring that you install a third-party ROM, which isn't possible on a lot of phones and will break other things on many of them.

As long as the # of decent browsers surpasses the # of evil mega-corporation web services I want to use I guess I have some privacy. Fifteen years ago there were two browsers and both were broken, either by crashes or security. Now we're in a golden age of good browsers. The only way the evil megas can break browser separation would be by IP, which is fuzzy, or by Flash cookies, which I hope are not shared across browsers. (Or by behavioral analysis, also fuzzy.)

The real problem is that common applications request almost all of the permissions from the phone when the user installs them, to provide full functionality (importing contacts, etc.). The user's choice is between not installing the app and giving it those permissions.

What should be happening instead is: make the permissions user selectable, to be able to install the facebook app, but to prevent it from accessing anything I don't want. The app store / market rules should mandate that applications cope with the degradation of privileges gracefully. The OS/app should display a popup when the user tries to do something that requires privileges the app doesn't have, along the lines of "do you want to grant permission x to this application? [just this once] / [yes] / [no] / [don't ask again]"

Alternatively, the core Android APIs should provide a null data set when the app hasn't been granted permissions to a particular resource, and normal rules of error checking your data apply.

I've written a few Android apps and can easily see how the Android permission system is broken. For example, when verifying an app purchase with the Google Market API, Google suggests using some unique identifier to encrypt the data store:

[...] the Policy must always obfuscate the data before storing it, using a key that is unique for the application and device. Obfuscating using a key that is both application-specific and device-specific is critical, because it prevents the obfuscated data from being shared among applications and devices.

However, in order to get a truly device-specific identifier requires extra permis

This Sunday Times article is just the latest in a string of Rupert Murdoch media outlets (mostly the Wall Street Journal) posting exaggerated and questionably-researched stories about "hacking scandals" at large internet companies like Facebook, Google, Microsoft, etc. The strategy seems to be to distract the public from real hacking scandals at News of the World and other Murdoch owned properties and make it appear that hacking is a normal activity for successful companies. What, you thought that scandal

In my trip to India last month, I was using a crappy phone to surf the Internet. I thought google used SSL or some obfuscation but I was surprised when I started getting emails from Indian sites. The problem is not just limited to Apps but on a broader scale ISPs snoop on you.

Don't use facebook. I've never had facebook, or orkut, or twitter, or any of that crap.

I use the internet in just about the same way I used it when I was a kid, except now I use SSH instead of Telnet, and SCP instead of FTP. I use the web to retrieve information, as was its original purpose, and of course as a replacement for USENET. Why people find the need to use all of these new crappy services offered over the web? Why do they find the need to register to every new stupid service they find? Now most of t

( and I do ! ), this is simply below all levels of verifiability. "Is being accused of...", "...denies....", "...according to...( behind paywall ).... ". And then the same Sunday Times article suddenly becomes a "report". C'mon. Show us facts, bare, hard, naked facts. Not allegations. Slow news day, Slashdot ?

The problem is the smartphone. What you have is a little computer, holding lots of your data, that has wifi, 3G, 4G, LTE, LSD, and of course, 2G. It's a walking smorgasbord of personal data about you.

And what do you do with it? You download app after app, to make it so you can do stuff easier, while letting these "apps" have access to your data. Your personal data. Sure, the corporations, who make their money off your personal data, are going to say they aren't "reading" your text messages, your

That's good to know! I just have to wonder if my apps can access all of my other stuff (contacts, phone history, etc.). There's not a lot of security info in the Windows 7.5 Phone stuff, but if it's because it's locked down, that's fine by me, too.

Apple considers their users too stupid to know such important details like whether an app can access all your data. Android pops up a nice dialog - when I thought I'll try out the Facebook app, it said it can access my contacts, sms messages and pretty much everything. I said fuck no, and never installed the app. Also the reports from friends with iPhones that as soon as you install the facebook app the first thing it does is to upload all the phone numbers from your contact list to facebook. People who did

Facebook is doing a lot that people do not like. They do not care. They will not change and that's a problem. HUGE problem.
Timeline: terrible. Privacy: not private. They still have those cookies that track you even when you sign out. You have to think, Mark Z hacked Harvard's computer system, was successful and hired hackers as his first staff when Facebook was blossoming.
THEY ARE HACKERS. They are so good that they not only change their base code for the site, they created their own language for FB.
T